Author Topic: Zone Alarm? (Read 15647 times)

Perd Hapley · « **on:** April 11, 2009, 12:54:31 PM »

Zone Alarm won't install on my Win 2000 computer, but I don't know how it is better than the Windows firewall, anyway. Well, except that it's not Microsoft.

Why is Zone Alarm so super? I might use it on other machines.

Ben · « **Reply #1 on:** April 11, 2009, 02:09:54 PM »

Personally, I'm a former ZoneAlarm user. It's got bloated and interfered with other programs I had. One time on my laptop it locked me out of the Internet completely, and I don't remember the exact fix, but it was a pain in the ass that required booting in Safe Mode. Though a bit expensive compared to others, I've been using Kaspersky (firewall and anti-virus), which has a pretty small footprint and requires minimal interaction.

If you're on a budget, the Windows firewall should do you pretty well as long as it's coupled with good hardware firewall protection via your router. You might want to test your basic protection via Shields Up at: https://www.grc.com/x/ne.dll?bh0bkyd2

bedlamite · « **Reply #2 on:** April 11, 2009, 03:40:26 PM »

http://www.sunbeltsoftware.com/home-home-office/sunbelt-personal-firewall/

Regolith · « **Reply #3 on:** April 11, 2009, 06:42:39 PM »

I used to use ZoneAlarm, but it started causing too many...issues, so I went to Comodo instead. It seems to work fairly well.

K Frame · « **Reply #4 on:** April 11, 2009, 07:47:55 PM »

My Mother got disgusted with it, as well, and quit using it.

crt360 · « **Reply #5 on:** April 11, 2009, 11:42:08 PM »

I gave up on ZA for the same reasons Ben did.

Vodka7 · « **Reply #6 on:** April 12, 2009, 01:41:42 AM »

Comodo's firewall is amazing and free. That said, the vast majority of users, especially those behind a router, just don't need one. I ditched Comodo a year or so ago, haven't missed it.

Perd Hapley · « **Reply #7 on:** April 12, 2009, 12:17:35 PM »

Router?

I don't know what that is, but I hope I have one.

RocketMan · « **Reply #8 on:** April 12, 2009, 12:26:37 PM »

Quote from: fistful on April 12, 2009, 12:17:35 PM

Router?

I don't know what that is, but I hope I have one.

Sorry, it ain't the wood carving thing.

Routers

Ben · « **Reply #9 on:** April 12, 2009, 12:39:48 PM »

Quote

That said, the vast majority of users, especially those behind a router, just don't need one.

True enough. These days it never hurts to be a little paranoid, but I too no longer use a software firewall on my desktop, only on my laptops.

AmbulanceDriver · « **Reply #10 on:** April 13, 2009, 01:19:34 PM »

Well, I'm running a NAT firewall and AVG on my boxes here at home. ShieldsUp says that my computer is essentially invisible to the rest of the world.

Quote

GRC Port Authority Report created on UTC: 2009-04-13 at 17:19:43

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

So unless I do something remarkably stupid like get a file with a nasty payload in it, I should be relatively ok...

Nick1911 · « **Reply #11 on:** April 13, 2009, 02:22:26 PM »

Quote from: AmbulanceDriver on April 13, 2009, 01:19:34 PM

Well, I'm running a NAT firewall and AVG on my boxes here at home. ShieldsUp says that my computer is essentially invisible to the rest of the world.

So unless I do something remarkably stupid like get a file with a nasty payload in it, I should be relatively ok...

Same here. Behind NAT the only real way in is through a user.

Balog · « **Reply #12 on:** April 13, 2009, 02:44:15 PM »

mtnbkr · « **Reply #13 on:** April 13, 2009, 02:47:45 PM »

Network Address Translation.

Your ISP gives you one public IP address. It is assigned to your router. Your router has a pool of IPs it uses to assign to devices in your home (PC, wireless printer, game system, etc). NAT is what binds the two sets of IPs together. In this case, it's a one-to-many assignment. Yes, you can have one-to-one and other flavors, but most, if not all, home users are on a one-to-many NAT configuration.

The purpose is to conserve publicly routable IPs, but it also adds a layer of security.

Chris

Balog · « **Reply #14 on:** April 13, 2009, 02:54:11 PM »

So..... it's the built in router firewall then?

mtnbkr · « **Reply #15 on:** April 13, 2009, 02:55:38 PM »

Yes. If you have a broadband connection at home and your PC's IP is something like 192.168.x.x or 10.x.x.x, you're taking advantage of NAT (because those two networks aren't routable on the public internet).

Chris

mtnbkr · « **Reply #16 on:** April 13, 2009, 02:57:45 PM »

The reason it adds to security is because the bad guys don't have a direct route to your PC. Sure, they can get to the router's public IP, but unless you've configured it to allow traffic inbound (port forwarding for example), there's no way to get there. The bad guy can't point directly to your private network IP since traffic to/from such IPs isn't routable.

Chris

Perd Hapley · « **Reply #17 on:** April 13, 2009, 03:09:30 PM »

NAT would not apply to a single device connected to a DSL, modem, correct? So if I put a second computer in the living room, and connect both computers to a router, I would be adding a layer of security?

mtnbkr · « **Reply #18 on:** April 13, 2009, 03:13:39 PM »

Depends on the modem. Some modems perform a sort of bridging that in effect assigns that public IP directly to your computer.

Adding a router in between the modem and your computers will add NATing.

It gets kind of confusing because back in the day, you only got a "modem" with your broadband connection and had to get your own router. Nowadays, ISPs are supplying "all in one" devices that act as modem and router. My first broadband account was the former, my current one is the latter.

Chris

Perd Hapley · « **Reply #19 on:** April 13, 2009, 03:22:30 PM »

Thanks.

Gewehr98 · « **Reply #20 on:** April 13, 2009, 07:50:45 PM »

And when you have a hardware firewall with NAT, be damned careful with port forwarding and DMZ settings.

UPnP is considered a security leak in that respect, too.

IOW, a hardware firewall is only as good as you make it.

Without trying too hard, you can actually make large holes in it from your side, and that's something you really don't want to do.

Balog · « **Reply #21 on:** April 13, 2009, 08:20:17 PM »

Sooooo, port forwarding and DMZ are things you hav e to go out the way to deliberately set up, right? Not the sort of thing you'd just accidentally do?

Gewehr98 · « **Reply #22 on:** April 14, 2009, 02:19:04 AM »

Yes and no.

Some games, particularly when doing the online thing, will attempt to set up port forwarding.

Others will request you set certain ports open for best game throughput. WarCrack and Ventrilo do that.

My Vonage VOIP here at home requires some ports be forwarded through the router to function properly.

BitTorrent will do it automatically, using UPnP to trigger open ports through the hardware firewall.

I've seen some software, and the Windows 7 operating system I've been using, open up a port for Teredo/IPv6.

I'm sure there are others, but you have to keep your wits about you.

Port forwarding isn't bad in itself, as long as you know what's going where and what's coming/going through.

Leave DMZ settings completely alone. Don't turn it on at all.

I know it's an easy way to get downloads quickly and maximize bandwidth, but DMZ is a huge freeway from the WWW right to the tagged computer - sans no firewall protection.

Balog · « **Reply #23 on:** April 14, 2009, 02:42:04 AM »

Hmmm, so how can I determine if port forwarding is enabled, and how can I turn it off?

Gewehr98 · « **Reply #24 on:** April 14, 2009, 12:29:49 PM »

Which router model do you have?

You'll need to go into the settings to view them.

There's usually a URL you enter in a browser to see the router's settings.

News:

Author Topic: Zone Alarm? (Read 15647 times)